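<?php
	// Login handler: checks the posted username/password against the `users`
	// table, fills the session on success and redirects to the menu or back to
	// the login/index page with an error code in `e`.
	//
	// The full "<?php" tag is used so the file is still parsed when
	// short_open_tag is off; otherwise the source would be served as plain text.
	session_start();
	include ('conn.php');
	$script ="";

	// Accept only plain string fields. A missing or array-valued field is
	// treated as empty instead of raising notices or reaching the query.
	$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
	$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

	if($username === '' || $password === ''){
		do_redirect('../login.php?e=dr');
		// do_redirect() is defined outside this file; stop here whether or not it exits.
		exit;
	}
	$db = get_conn();

	// The username is request data, so it is escaped before being placed in the
	// SQL string literal. mysql_real_escape_string() relies on the connection
	// character set; NOTE(review): confirm get_conn() sets it with
	// mysql_set_charset(). The mysql_* extension was removed in PHP 7; prepared
	// statements (mysqli/PDO) are the long-term fix and need changes in conn.php.
	$sql = "select * from users  where name='".mysql_real_escape_string($username)."' and ustatus='A'";
	$result = mysql_query($sql);
	if($result){
		if(mysql_num_rows($result) > 0){
			$row = mysql_fetch_array($result);
			// Strict comparison: with "==" two numeric-looking strings are compared
			// as numbers, so different passwords could match.
			// NOTE(review): the stored `passwd` value is compared directly with the
			// submitted one and case is ignored, so the column is not a server-side
			// password_hash() value. Migrate to password_hash()/password_verify().
			if(strtolower($row['passwd']) === strtolower($password)){

				// Issue a fresh session id at the privilege change so an id known
				// before login cannot be reused afterwards (session fixation).
				session_regenerate_id(true);

				$_SESSION['session_is_admin'] =	is_admin($row['id_user']);
				$_SESSION['session_realname'] = $row['name'];
				$_SESSION['session_id_user'] = $row['id_user'];
				$_SESSION['session_id_location'] = $row['id_location'];
				$_SESSION['debug'] = $row['debug'];
				$_SESSION['session_roles'] =get_my_roles($_SESSION['session_id_user']);

				if($_SESSION['session_roles'] ==""){
					// A user without roles must not fall through to the menu redirect.
					// NOTE(review): the session values set above are still present at
					// this point; confirm the other pages check session_roles.
					do_redirect("../index.php?e=er&u=".urlencode($username));
					exit;
				}
				update_last_login($row['id_user']);
				do_redirect('../menu.php');
				exit;

			}else{
				// urlencode() keeps characters in the submitted name from adding or
				// changing query parameters in the redirect target.
				// NOTE(review): "ip" (wrong password) and "iu" (unknown user) let a
				// client tell whether an account exists; consider one shared code.
				do_redirect('../index.php?e=ip&u='.urlencode($username));
				exit;
			}
		}//>0
		else{
			do_redirect('../index.php?e=iu&u='.urlencode($username));
			exit;
		}
	}else{
		// __FUNCTION__ is an empty string at file scope, so the context is just the SQL text.
		// NOTE(review): make sure error_handling() logs this instead of showing it to the client.
		error_handling(__FUNCTION__.$sql,mysql_error());
	}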
	
	
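/**
 * Store the current timestamp and the client address as the last login of a user.
 *
 * An empty id is skipped silently. Any other id must consist of decimal digits
 * only, because it is placed unquoted in the WHERE clause; anything else is
 * reported through error_handling() and no query is sent.
 *
 * @param int|string $id_user Value for the `id_user` column of `users`.
 * @return void
 */
function update_last_login($id_user){
	if($id_user == ''){
		return;
	}

	// The id is not quoted in the statement, so only digits are allowed through.
	if(!ctype_digit((string)$id_user)){
		error_handling('users.update - invalid id_user','id_user must contain digits only');
		return;
	}

	// REMOTE_ADDR is supplied by the web server (absent on the CLI); it is
	// escaped anyway so the statement does not depend on that value's format.
	$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

	// Single-quoted SQL literals also work when the server runs with ANSI_QUOTES.
	$sql = "update users set last_login='".date('Y-m-d H:i:s')."', last_ip='".mysql_real_escape_string($ip)."' where id_user=".$id_user;
	$result = mysql_query($sql);
	if(!$result){
		error_handling('users.update - '.$sql,mysql_error());
	}
}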

?>